Support for non-regulatory APIs

WSO2 Open Banking supports publishing non-regulatory APIs that are not bound to any regulations or standards. You can create non-regulatory applications to access the non-regulatory APIs. Certain security aspects of regulatory applications are minimised to cater to business use cases of a bank. The non-regulatory applications access the non-regulatory APIs without transport layer security. Therefore, grant types that are not allowed in regulatory applications such as password can be used in non-regulatory applications. These features add more flexibility in designing use cases and user experiences when managing APIs and applications using WSO2 Open Banking. For example, you can publish an API to retrieve branch details and ATM details of a bank. 

Use one of the following methods to deploy a non-regulatory API in WSO2 Open Banking API Manager - API Publisher.

This document explains how to create an application that subscribes to a non-regulatory API using WSO2 Open Banking.

Create an application

This section explains how to create an application to subscribe to non-regulatory APIs.

1. Sign in to the API Store (https://<WSO2_OB_APIM_HOST>:9443/store) with a user whose roles includes Internal/subscriber.
2. Go to the  Applications tab.
   
3. Click Add Application .
   

4. Enter application details.

   Field	Description
   Name	The name of the application.
   Per Token Quota	Determines the maximum number of API requests accepted within a given duration.
   Regulatory Compliance	Determines whether this application handle regulatory compliance APIs. By default, this box is checked. Uncheck the box as this application is to subscribe for non-regulatory APIs. Once you uncheck the checkbox the Token Type field will be enabled for non-Regulatory applications.
   Description	The purpose of the application.
   Token Type	Determines the issuer of the token.  For Non-Regulatory applications, there is no restriction on the token type. You can select a preferred token type from the drop-down list (OAuth, JWT).

   

5. Click Add.

Subscribe to API

Use the application created above to subscribe to a non-regulatory API to access the API resources. Once subscribed, the application can access all the supported services of the API resources.

1. Go to the APIs tab in the API Store.
   
2. Select a non-regulatory API.
   

3. Select the application you created in the Create an application section.
   

4. Set the throttling policy to Unlimited.

5. Click Subscribe.

Generating Keys

After creating an application it is configured as a Non-Regulatory application. Follow the steps below to generate keys:

1. Sign in to the API Store as a TPP user.
2. Go to the Applications tab.
    
3. Select either of the following tabs:

1. Production Keys: Generates access tokens in the production environment.

2. Sandbox Keys: Generates access tokens in the sandbox environment.

4. Provide the requested information.

   Field	Description
   Grant Types	Determines the credentials that are used to generate the access token. All the grant types are applicable for non-regulatory applications and you may select them by checking the boxes.
   Callback URL	The URL used by the application to receive the authorisation code sent from the bank. The authorisation code can be used later to generate an OAuth2 access token.

   

5. To generate consumer key and consumer secret:

   • If you are generating production keys: Click Request Access. If workflows are configured in the solution, it sends a request to Approver user to approve the token generation. Otherwise, it generates consumer key and consumer secret.

   • If you are generating sandbox keys: Click Generate Keys. 

6. Use the generated cURL commands to generate access tokens to invoke a non-regulatory API.